diff --git a/CVE-2016-9296.patch b/CVE-2016-9296.patch
new file mode 100644
index 0000000..773f92a
--- /dev/null
+++ b/CVE-2016-9296.patch
@@ -0,0 +1,12 @@
+--- ./CPP/7zip/Archive/7z/7zIn.cpp.orig	2016-11-21 01:42:29.460901230 +0000
++++ ./CPP/7zip/Archive/7z/7zIn.cpp	2016-11-21 01:42:57.481197725 +0000
+@@ -1097,7 +1097,8 @@ HRESULT CInArchive::ReadAndDecodePackedS
+       if (CrcCalc(data, unpackSize) != folders.FolderCRCs.Vals[i])
+         ThrowIncorrect();
+   }
+-  HeadersSize += folders.PackPositions[folders.NumPackStreams];
++  if (folders.PackPositions)
++      HeadersSize += folders.PackPositions[folders.NumPackStreams];
+   return S_OK;
+ }
+ 
diff --git a/p7zip.spec b/p7zip.spec
index 22fd53a..1c01f84 100644
--- a/p7zip.spec
+++ b/p7zip.spec
@@ -18,6 +18,7 @@ Source: p7zip_%{version}_src_all-norar.tar.bz2
 Patch0: p7zip_15.14-norar_cmake.patch
 # from Debain
 Patch5: 02_man.patch
+Patch6: CVE-2016-9296.patch
 
 BuildRequires: cmake
 # for 7zG GUI
@@ -61,6 +62,7 @@ rm DOC/License.txt.*
 %patch5 -p1 -b .man
 # move license files
 mv DOC/License.txt DOC/copying.txt .
+%patch6 -p1 -b .CVE-2016-9296
 
 # no need anymore
 ## And fix useless executable bit while we're at it